Mutating malware is infesting the Android Market

Over the past year or so, there have been several widely-publicized reports of malicious applications making their way into the Android Market. It’s something Microsoft jumped on with that whole #Droidrage thing on Twitter, but Google recently announced that it was turning loose Bouncer in the Market to automatically rid their app store of malware. Bouncer’s job is going to get a little trickier, says Symantec, now that Android malware is mutating.

Since its beginnings, the cat-and-mouse game between malware and anti-malware software has worked like this: the bad guys release their code, and then the good guys discover it and release definitions that can detect and remove it. Round two begins when the bad guys tweak a line or two and push the code out as a new variant of the original malware. Definitions are once again updated, and the battle rages on ad infinitum.

The ne’er-do-wells producing malicious code sometimes save themselves time and effort by building malware with a feature called “server-side polymorphism.” In simple terms, the malware is altered slightly by delivery servers before the downloads are pushed out to victims. That makes definition-based detection trickier. It’s a tactic often seen with desktop malware (like the thousands of FakeAV variants out there) — and Symantec is reporting that a piece of Android malware is now employing the same tactic.

Labeled Android.Opfake, the trojan harvests money for its controllers by subversively sending premium-rate text messages. Each time it’s downloaded, the trojan mutates slightly. Symantec’s Vikram Thakur says that this kind of sophistication “requires more intelligent countermeasures.”

It’ll be interesting to see if Bouncer is up to the task — whether he’s all brawn and no brains, or if he boasts the necessary deductive reasoning skills to put the kibosh on mutating malware.